Cyber Incident Victim: Town of Sunset Beach
Date: Jun 2021
Location: United States of America
Summary
The town of Sunset Beach experienced a series of ransomware attacks over a six-week period, with hackers exploiting an unused port to infiltrate systems. Officials did not engage with the attackers or disclose any ransom demands. Daily backups enabled the recovery of 99% of documents, though locally stored desktop files were lost and required recreation. Municipal operations remained unaffected beyond minor document restoration efforts. Following the incident, IT personnel implemented enhanced security measures, including new equipment and software to block unauthorized access. This event reflects broader trends of increased ransomware targeting of critical infrastructure entities, though no external law enforcement agencies were involved in the response.
Description
The Town of Sunset Beach, North Carolina, experienced a series of ransomware attacks over a six-week period beginning in early June 2021. Attackers infiltrated municipal systems through an unused network port, deploying ransomware that encrypted town files. Officials did not disclose the ransom amount demanded and confirmed no communication occurred with the threat actors. The incident came to light during a town council meeting when Planning Director Chad Staradumsky revealed floodplain permits were among compromised documents. Interim Town Administrator Lisa Anglin stated the IT department restored 99% of data using daily system backups, limiting operational disruption to recreating desktop files not stored on central servers. No critical government services were halted, and the town did not involve external law enforcement agencies such as the FBI.

Municipal operations continued with minimal interruption beyond document recreation efforts. Anglin attributed the successful recovery to robust backup protocols that enabled system restoration to pre-attack states within one day. The attackers’ access vector—an obsolete network port—was immediately disabled post-incident. Sunset Beach’s IT team implemented enhanced security measures, including new hardware and software controls, to block similar intrusions. While the attack mirrored broader ransomware trends targeting critical infrastructure, Sunset Beach avoided the data loss and service paralysis seen in contemporaneous incidents like the Colonial Pipeline breach. Town officials, including Mayor Shannon Phillips, deferred technical details to IT personnel, with Councilman Charles Nern noting expectations for future briefings. No evidence suggested citizen data compromise or financial losses beyond staff remediation efforts.
